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USE OF PER-FLOW MONOTONICALLY DECREASING TTLs 
TO PREVENT IDS CIRCUMVENTION 


CROSS-REFERENCE TO RELATED APPLICATIONS 

[0001] The present application is related to the co-pending application entitled "USE 
OF PACKET HASHES TO PREVENT TCP RETRANSMIT OVERWRITE ATTACKS," 
*?ffEe nIcy Docket No. CIS03 67(8187), Application Serial No.*Tgg£ filed on even date herewith, 


the disclosure of which is hereby incorporated herein by reference in its entirety. 
BACKGROUND 

[0002] A typical computer networking system may include, among other things, an 
intrusion detection system (IDS) configured to monitor network traffic and to block attempted 
attacks on or intrusions into the protected network space. Such intrusion detection systems may 
coexist with various types of firewalls, packet monitors, and other devices and typically include 
intrusion sensing functions (e.g., advanced routers). These systems include both active and 
passive devices and may be generally referred to as "sensors." Passive network sensors, for 
example, may utilize "promiscuous mode" access: a promiscuous network monitoring device, 
commonly referred to as a sniffer, examines copies of all of the packets directly from the 
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